Here you are. You’ve done your cultural assessment, you were able to identify the holes in the organizations security awareness efforts, you modified training and created a 12 month content plan to fix this. It’s time to sit back, and see some real user behavior change right? Quick question: How do you know that your plan worked? Are users reporting more issues to the help desk? Are people more able to identify phishing emails? Are users retaining the information from annual …

Read more »

Percent Retained = Information acquired    *100 Information presented   Retention is one of the main goals of any successful security awareness architecture. Without retention every poster, video, or lunch-and-learn is as valuable as ‘Snooki’ teaching a lesson in ethics. No one cares nor would they walk away knowing anything new or useful. The reason retention is such big factor in security is because of the relationship between memories and the forgetting curve. (See previous blog for full explanation). In …

Read more »

Imagine that you are the head of security awareness at an organization (not a stretch for some) and have been charged with getting people to report issues to the help desk. You decide, in your infinite wisdom, to encourage them to report issues to the help desk by giving them $1 each time they report a valid problem. The week after implementing the new reward program the number of issues reported to the help desk has increased 100 fold. You …

Read more »

After reading through my last 3 blogs I realized that something needs to be clarified. Even though surveying and interviewing humans is required in order to create successful security architecture it’s HARD! There are so many things that influence answers, cause people to tense up and shut down, or just not understand what your questions are asking. In fact making a survey is so involved that I had to take a 4-month graduate level course on it before they would …

Read more »

The process of evaluating and changing an organizations user behavior can be a large and daunting task –similar to looking at a picture of the milk-way galaxy with the task of counting the rings around all the planets- but rest assured it can be broken down into a very simple process to follow. Over the next few weeks I will talk about how to identify key behaviors through assessment of an organizations culture, how to identify what about that culture …

Read more »